
Infected with fake Windows Security virus


  • This topic is locked

#1
ThatDude84

    New Member

  • Member
  • 8 posts
I seem to be infected with a virus and was looking for some help. It's removed all my programs from the start menu and the desktop icons with the exception of a few. It also runs a fake security check on start up. Any help is appreciated.

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ThatDude84 and welcome to G2G! :D

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

After this step don't restart your PC and run Step 2

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • RogueKiller log
  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post.

#3
ThatDude84

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for your response!

Rk Report

RogueKiller V4.3.4 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Laura [Admin rights]
Mode: Scan -- Date : 03/29/2011 09:27:07

Bad processes: 1
[APPDT/TMP/DESKTOP] aKNbuLKJjWPWEKG.exe -- d:\documents and settings\all users\application data\aknbulkjjwpwekg.exe -> KILLED

Registry Entries: 3
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : aKNbuLKJjWPWEKG (D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-839522115-1547161642-682003330-1004[...]\Run : aKNbuLKJjWPWEKG (D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_USNJSVC () -> FOUND

HOSTS File:
˙ž1

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4
ThatDude84

    New Member

  • Topic Starter
  • Member
  • 8 posts
OTL log

OTL logfile created on: 3/29/2011 10:25:16 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Laura\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 211.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 12.67 Gb Total Space | 7.29 Gb Free Space | 57.59% Space Free | Partition Type: FAT32
Drive D: | 37.26 Gb Total Space | 2.77 Gb Free Space | 7.42% Space Free | Partition Type: NTFS
Drive E: | 502.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 09:41:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Laura\My Documents\Downloads\OTL(2).scr
PRC - [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) -- D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | -H-- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2006/03/06 11:31:52 | 001,122,304 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/03/06 11:17:24 | 000,307,200 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
PRC - [2006/03/06 11:16:48 | 000,378,880 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
PRC - [2006/03/06 11:16:12 | 000,198,656 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
PRC - [2006/03/06 11:15:42 | 000,289,792 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
PRC - [2006/03/06 11:14:58 | 000,497,152 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\LCDMon.exe
PRC - [2003/06/03 16:16:58 | 000,122,948 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
PRC - [2003/06/03 07:03:00 | 000,245,836 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
PRC - [2003/06/03 07:03:00 | 000,200,782 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
PRC - [2003/06/03 07:03:00 | 000,200,721 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
PRC - [2003/06/03 07:03:00 | 000,135,185 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\vshwin32.exe
PRC - [2003/02/05 05:02:00 | 000,077,824 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee Firewall\cpd.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 09:41:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Laura\My Documents\Downloads\OTL(2).scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:11:50 | 000,060,416 | -H-- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) [Auto | Running] -- D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/03 09:00:30 | 000,398,848 | -H-- | M] (Ares Development Group) [On_Demand | Stopped] -- D:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2008/04/13 20:11:55 | 000,035,328 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2003/06/03 07:03:00 | 000,200,721 | -H-- | M] (Network Associates, Inc.) [Auto | Running] -- D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe -- (AvSynMgr)
SRV - [2003/05/15 07:03:00 | 000,245,855 | -H-- | M] () [On_Demand | Stopped] -- D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe -- (McShield)
SRV - [2003/02/05 05:02:00 | 000,077,824 | -H-- | M] (Network Associates, Inc.) [Auto | Running] -- D:\Program Files\McAfee\McAfee Firewall\CPD.EXE -- (McAfee Firewall)
SRV - [2001/08/18 08:00:00 | 000,004,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 22:04:30 | 000,032,768 | -H-- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/03/10 11:36:36 | 000,217,032 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/05 22:48:42 | 000,054,752 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/11 11:58:49 | 000,717,296 | -H-- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/11/30 23:12:28 | 000,873,984 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 01:31:18 | 000,036,224 | -H-- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/01/20 12:50:36 | 000,020,648 | -H-- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)
DRV - [2002/08/05 04:00:00 | 000,033,280 | -H-- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\fw220.sys -- (McAfeePF)
DRV - [2002/05/21 13:40:18 | 000,038,528 | -H-- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\FastNIC.sys -- (FastNIC) SMC EZ Card 10/100 (SMC1244TX V2)
DRV - [2002/04/11 14:47:52 | 000,011,136 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 12:22:04 | 000,023,296 | RH-- | M] () [File_System | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\NaiFiltr.sys -- (NaiFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1561552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.2000
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..keyword.URL: "http://search.alot.c...(F)&pr=auto&q="
FF - prefs.js..network.proxy.http: "81.144.176.136"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Components: D:\Program Files\mozilla.org\Mozilla\Components [2011/02/19 00:32:15 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: D:\Program Files\mozilla.org\Mozilla\Plugins [2011/02/19 00:32:15 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/03/26 14:48:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/03/26 14:48:49 | 000,000,000 | -H-D | M]

[2008/09/04 11:02:07 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Extensions
[2011/03/29 09:38:42 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions
[2009/09/18 18:23:57 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/08 21:13:15 | 000,000,000 | -H-D | M] (TVU Web Player) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions\[email protected]
[2008/07/14 13:38:16 | 000,000,000 | -H-D | M] (Move Media Player) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions\[email protected]
[2010/06/11 11:55:32 | 000,000,000 | -H-D | M] (ALOT Toolbar) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions\[email protected]
[2010/06/11 11:57:20 | 000,002,231 | -H-- | M] () -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\searchplugins\alot-search.xml
[2011/03/29 09:38:42 | 000,000,000 | -H-D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2010/06/09 16:01:33 | 000,000,000 | -H-D | M] (PriceGong) -- D:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010/07/12 12:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/03/27 12:00:19 | 000,000,098 | -H-- | M]) - D:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - D:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCDMon] D:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] D:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [RoxWatchTray] D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] c:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [aKNbuLKJjWPWEKG] D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe (FPAV)
O4 - HKCU..\Run: [ATI Launchpad] D:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Daemon Tools\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [McAfee.InstantUpdate.Monitor] D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe (Network Associates, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Dan's Stuff\blackberry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///D:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///D:/Program%20Files/Family%20Feud%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zon...oF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\WINDOWS\Mozilla Wallpaper.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Mozilla Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/30 22:06:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/07/14 05:34:24 | 000,000,025 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 12:28:55 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/27 12:28:44 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2011/03/27 12:02:17 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/03/27 11:54:31 | 000,000,000 | -H-D | C] -- D:\_OTL
[2011/03/27 11:16:30 | 000,000,000 | -H-D | C] -- D:\WINDOWS\temp
[2011/03/27 10:35:17 | 000,161,792 | -H-- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2011/03/27 10:35:17 | 000,031,232 | -H-- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2011/03/27 10:35:16 | 000,212,480 | -H-- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2011/03/27 10:35:16 | 000,136,704 | -H-- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2011/03/27 10:34:42 | 000,000,000 | -H-D | C] -- D:\WINDOWS\ERDNT
[2011/03/27 10:33:43 | 000,000,000 | -H-D | C] -- D:\Qoobox
[2011/03/26 13:04:06 | 000,546,816 | -H-- | C] (FPAV) -- D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe

========== Files - Modified Within 30 Days ==========

[2011/03/27 12:35:11 | 000,013,002 | -H-- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/03/27 12:33:48 | 000,000,809 | -H-- | M] () -- D:\Documents and Settings\Laura\Desktop\Windows Repair.lnk
[2011/03/27 12:32:16 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/03/27 12:28:57 | 000,000,784 | -H-- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/27 12:07:07 | 000,000,336 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\18407220
[2011/03/27 12:06:51 | 000,467,968 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\18407220.exe
[2011/03/27 12:00:19 | 000,000,098 | -H-- | M] () -- D:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/27 10:33:35 | 000,000,000 | -H-- | M] () -- D:\WINDOWS\LCDMedia.INI
[2011/03/26 14:56:54 | 000,000,512 | -H-- | M] () -- D:\PhysicalMBR.bin
[2011/03/26 13:14:46 | 000,000,336 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\19455796
[2011/03/26 13:03:03 | 000,546,816 | -H-- | M] (FPAV) -- D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe
[2011/03/23 20:38:05 | 000,000,284 | -H-- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/18 19:03:05 | 000,000,256 | -H-- | M] () -- D:\WINDOWS\System32\pool.bin
[2011/03/17 09:50:52 | 000,432,688 | -H-- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/03/17 09:50:52 | 000,067,660 | -H-- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/03/17 03:02:52 | 000,001,374 | -H-- | M] () -- D:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2067/02/24 16:21:18 | 000,079,947 | -H-- | C] () -- D:\WINDOWS\fw20.vxd
[2011/03/27 12:33:47 | 000,000,809 | -H-- | C] () -- D:\Documents and Settings\Laura\Desktop\Windows Repair.lnk
[2011/03/27 12:28:57 | 000,000,784 | -H-- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/27 12:07:07 | 000,000,336 | -H-- | C] () -- D:\Documents and Settings\All Users\Application Data\18407220
[2011/03/27 12:06:50 | 000,467,968 | -H-- | C] () -- D:\Documents and Settings\All Users\Application Data\18407220.exe
[2011/03/27 10:35:17 | 000,256,512 | -H-- | C] () -- D:\WINDOWS\PEV.exe
[2011/03/27 10:35:17 | 000,089,088 | -H-- | C] () -- D:\WINDOWS\MBR.exe
[2011/03/27 10:35:17 | 000,080,412 | -H-- | C] () -- D:\WINDOWS\grep.exe
[2011/03/27 10:35:17 | 000,068,096 | -H-- | C] () -- D:\WINDOWS\zip.exe
[2011/03/27 10:35:16 | 000,098,816 | -H-- | C] () -- D:\WINDOWS\sed.exe
[2011/03/27 10:33:35 | 000,000,000 | -H-- | C] () -- D:\WINDOWS\LCDMedia.INI
[2011/03/26 14:56:54 | 000,000,512 | -H-- | C] () -- D:\PhysicalMBR.bin
[2011/03/26 13:14:46 | 000,000,336 | -H-- | C] () -- D:\Documents and Settings\All Users\Application Data\19455796
[2010/12/07 14:23:15 | 000,180,224 | -H-- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2010/12/07 14:23:14 | 000,765,952 | -H-- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2010/09/14 20:00:00 | 000,077,336 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2010/03/23 14:26:18 | 000,767,952 | -H-- | C] () -- D:\WINDOWS\BDTSupport.dll
[2010/03/23 13:44:39 | 000,012,452 | -HS- | C] () -- D:\Documents and Settings\Laura\Local Settings\Application Data\20xYJkS83BHk4
[2010/03/23 13:44:39 | 000,012,452 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4
[2009/09/17 03:58:11 | 000,000,118 | -H-- | C] () -- D:\WINDOWS\System32\MRT.INI
[2008/09/15 20:11:10 | 000,012,288 | -H-- | C] () -- D:\WINDOWS\System32\DivXWMPExtType.dll
[2008/01/09 07:18:12 | 003,596,288 | -H-- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2007/12/15 19:21:22 | 000,000,256 | -H-- | C] () -- D:\WINDOWS\System32\pool.bin
[2007/01/30 15:52:52 | 000,000,035 | -H-- | C] () -- D:\WINDOWS\worldbuilder.INI
[2006/05/23 18:26:57 | 000,001,050 | -H-- | C] () -- D:\WINDOWS\EReg072.dat
[2005/09/08 17:57:20 | 000,000,621 | -H-- | C] () -- D:\WINDOWS\eReg.dat
[2004/12/23 05:38:13 | 000,001,125 | -H-- | C] () -- D:\WINDOWS\Winamp.ini
[2004/12/13 18:43:01 | 000,000,376 | -H-- | C] () -- D:\WINDOWS\ODBC.INI
[2004/11/09 05:22:47 | 000,235,008 | -H-- | C] () -- D:\Documents and Settings\Laura\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/04 06:00:12 | 000,000,000 | -H-- | C] () -- D:\WINDOWS\ATIMMC.INI
[2004/11/02 03:16:44 | 000,043,520 | -H-- | C] () -- D:\WINDOWS\System32\CmdLineExt03.dll
[2004/11/02 02:54:46 | 000,023,296 | RH-- | C] () -- D:\WINDOWS\System32\drivers\NaiFiltr.sys
[2004/11/02 01:45:05 | 000,004,569 | -H-- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/11/01 01:57:47 | 000,013,373 | -H-- | C] () -- D:\WINDOWS\System32\vctest.ini
[2004/11/01 01:57:38 | 000,009,136 | -H-- | C] () -- D:\WINDOWS\System32\INETWH16.DLL
[2004/11/01 01:55:10 | 000,516,096 | -H-- | C] () -- D:\WINDOWS\System32\ati2sgag.exe
[2004/11/01 01:17:59 | 000,363,520 | -H-- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2004/10/31 20:11:49 | 000,000,335 | -H-- | C] () -- D:\WINDOWS\nsreg.dat
[2004/10/31 20:11:44 | 000,105,168 | -H-- | C] () -- D:\WINDOWS\MozillaUninstall.exe
[2004/10/31 20:11:37 | 000,105,168 | -H-- | C] () -- D:\WINDOWS\GREUninstall.exe
[2004/10/31 20:11:34 | 000,007,539 | -H-- | C] () -- D:\WINDOWS\mozver.dat
[2004/10/30 22:08:28 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2004/10/30 22:02:53 | 000,021,640 | -H-- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2004/10/30 17:45:30 | 000,004,161 | -H-- | C] () -- D:\WINDOWS\ODBCINST.INI
[2004/10/30 17:44:30 | 000,363,320 | -H-- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2002/04/11 14:47:52 | 000,049,152 | -H-- | C] () -- D:\WINDOWS\System32\msmscoin.dll
[2001/08/18 08:00:00 | 013,107,200 | -H-- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | -H-- | C] () -- D:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,432,688 | -H-- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | -H-- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | -H-- | C] () -- D:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,067,660 | -H-- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | -H-- | C] () -- D:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | -H-- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | -H-- | C] () -- D:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | -H-- | C] () -- D:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | -H-- | C] () -- D:\WINDOWS\System32\noise.dat

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- D:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- D:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | -H-- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- D:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B7A22351
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:60C47453
@Alternate Data Stream - 106 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5E196FE2

< End of report >

Edited by ThatDude84, 29 March 2011 - 09:21 AM.

  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ThatDude84,

Step 1

Please start RogueKiller as before, and after that go to Step 2 and run OTL.

Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "81.144.176.136"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.type: 4
    O4 - HKCU..\Run: [aKNbuLKJjWPWEKG] D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe (FPAV)
    [2011/03/26 13:04:06 | 000,546,816 | -H-- | C] (FPAV) -- D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe
    [2011/03/27 12:07:07 | 000,000,336 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\18407220
    [2011/03/27 12:06:51 | 000,467,968 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\18407220.exe
    [2011/03/26 13:14:46 | 000,000,336 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\19455796
    [2011/03/26 13:03:03 | 000,546,816 | -H-- | M] (FPAV) -- D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe
    [2010/03/23 13:44:39 | 000,012,452 | -HS- | C] () -- D:\Documents and Settings\Laura\Local Settings\Application Data\20xYJkS83BHk4
    [2010/03/23 13:44:39 | 000,012,452 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.
  • 0
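A triage sketch for the kind of OTL lines the fix above targets, added here as an example; it is not part of the original posts and not OTL's own code. It parses OTL's file-listing and O4 Run lines and flags executables sitting directly in an Application Data folder; that heuristic and the function names are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Sample lines copied from the OTL logs posted in this thread.
SAMPLE = r"""
O4 - HKCU..\Run: [aKNbuLKJjWPWEKG] D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe (FPAV)
O4 - HKLM..\Run: [Launch LCDMon] D:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Daemon Tools\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
[2011/03/26 13:04:06 | 000,546,816 | -H-- | C] (FPAV) -- D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe
[2011/03/27 12:06:51 | 000,467,968 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\18407220.exe
[2011/03/27 12:07:07 | 000,000,336 | -H-- | M] () -- D:\Documents and Settings\All Users\Application Data\18407220
[2011/03/29 21:38:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
"""

# File listing: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Autorun entry: O4 - HKCU..\Run: [value name] path (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)


def in_appdata_root(path):
    """Heuristic (assumption): an .exe directly inside an 'Application Data'
    folder rather than in a vendor subfolder beneath it."""
    return (path.lower().endswith(".exe")
            and basename(dirname(path)).lower() == "application data")


def triage(log_text):
    """Return {path: sorted reasons} for executables matching the heuristic.

    File-listing and Run lines that name the same path are merged, so an
    entry that both exists on disk and autostarts carries both reasons.
    """
    reasons_by_key = {}
    display = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or FILE_RE.match(line)
        if not m or not in_appdata_root(m["path"]):
            continue
        key = m["path"].lower()            # Windows paths are case-insensitive
        display.setdefault(key, m["path"])
        reasons = reasons_by_key.setdefault(key, set())
        reasons.add("exe directly in Application Data")
        if "hive" in m.groupdict():        # only Run lines carry a hive
            reasons.add(f"autostart: {m['hive']} Run [{m['name']}]")
        if not m["company"].strip():       # OTL prints () when none is set
            reasons.add("no company name")
    return {display[k]: sorted(v) for k, v in reasons_by_key.items()}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```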

#6
ThatDude84

    New Member

  • Topic Starter
  • Member
  • 8 posts
I still can't see any programs through the start menu.

OTL fix log

All processes killed
========== OTL ==========
Prefs.js: "81.144.176.136" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aKNbuLKJjWPWEKG deleted successfully.
D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe moved successfully.
File D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe not found.
D:\Documents and Settings\All Users\Application Data\18407220 moved successfully.
D:\Documents and Settings\All Users\Application Data\18407220.exe moved successfully.
D:\Documents and Settings\All Users\Application Data\19455796 moved successfully.
File D:\Documents and Settings\All Users\Application Data\aKNbuLKJjWPWEKG.exe not found.
D:\Documents and Settings\Laura\Local Settings\Application Data\20xYJkS83BHk4 moved successfully.
D:\Documents and Settings\All Users\Application Data\20xYJkS83BHk4 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Documents and Settings\Laura\My Documents\Downloads\cmd.bat deleted successfully.
D:\Documents and Settings\Laura\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.HOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Documents and Settings

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Laura
->Temp folder emptied: 1021582 bytes
->Temporary Internet Files folder emptied: 1151335 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47319304 bytes
->Flash cache emptied: 3938 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MDG Setup

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: P3WIN

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 74459 bytes

Total Files Cleaned = 47.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.HOME

User: All Users

User: Default User

User: Documents and Settings

User: Guest
->Flash cache emptied: 0 bytes

User: Laura
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: MDG Setup

User: NetworkService

User: P3WIN

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03292011_212239

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#7
ThatDude84

    New Member

  • Topic Starter
  • Member
  • 8 posts
Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6210

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/29/2011 10:09:37 PM
mbam-log-2011-03-29 (22-09-37).txt

Scan type: Quick scan
Objects scanned: 185186
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\documents and settings\Laura\Desktop\mirc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ThatDude84,

Do you have anything under Start menu All Programs?

Please close all running programs and Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    regsvr32 /i shell32.dll /c
    %AllUsersProfile%\Start Menu\Programs\*.* /S
    %userprofile%\Start Menu\Programs\*.* /S
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /S
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /S
    
  • Click None button first
  • Then click the Scan now button at the top
  • Let the program run unhindered
  • Post the OTL.txt log it produces in your next reply.

  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I forgot one step in my last post...

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.
  • 0

#10
ThatDude84

    New Member

  • Topic Starter
  • Member
  • 8 posts
Programs are back in start menu.

Rk Report


RogueKiller V4.3.4 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Laura [Admin rights]
Mode: Shortcuts HJfix -- Date : 03/30/2011 09:50:00

Bad processes: 0

File attributes restored:
Desktop: Success 1263 / Fail 0
Quick launch: Success 9 / Fail 0
Programs: Success 259 / Fail 0
Start menu: Success 72 / Fail 0
: Success 834 / Fail 0
My documents: Success 874 / Fail 0
My favorites: Success 27 / Fail 0
: Success 0 / Fail 0
: Success 0 / Fail 0
: Success 0 / Fail 0
Local drives: Success 3 / Fail 1

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#11
ThatDude84

    New Member

  • Topic Starter
  • Member
  • 8 posts
OTL Log


OTL logfile created on: 3/30/2011 9:58:38 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\Laura\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 201.00 Mb Available Physical Memory | 39.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 12.67 Gb Total Space | 7.29 Gb Free Space | 57.59% Space Free | Partition Type: FAT32
Drive D: | 37.26 Gb Total Space | 2.04 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive E: | 502.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 09:38:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Laura\My Documents\Downloads\OTL.scr
PRC - [2011/03/07 14:00:35 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) -- D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2008/12/29 05:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Daemon Tools\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2006/03/06 11:31:52 | 001,122,304 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/03/06 11:17:24 | 000,307,200 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
PRC - [2006/03/06 11:16:48 | 000,378,880 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
PRC - [2006/03/06 11:16:12 | 000,198,656 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
PRC - [2006/03/06 11:15:42 | 000,289,792 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
PRC - [2006/03/06 11:14:58 | 000,497,152 | -H-- | M] (Logitech Inc.) -- D:\Program Files\Logitech\G-series Software\LCDMon.exe
PRC - [2003/06/03 16:16:58 | 000,122,948 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
PRC - [2003/06/03 07:03:00 | 000,245,836 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
PRC - [2003/06/03 07:03:00 | 000,200,782 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
PRC - [2003/06/03 07:03:00 | 000,200,721 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
PRC - [2003/06/03 07:03:00 | 000,135,185 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee VirusScan\vshwin32.exe
PRC - [2003/02/05 05:02:00 | 000,077,824 | -H-- | M] (Network Associates, Inc.) -- D:\Program Files\McAfee\McAfee Firewall\cpd.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 09:38:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Laura\My Documents\Downloads\OTL.scr
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) [Auto | Running] -- D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/03 09:00:30 | 000,398,848 | -H-- | M] (Ares Development Group) [On_Demand | Stopped] -- D:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2008/04/13 20:11:55 | 000,035,328 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2003/06/03 07:03:00 | 000,200,721 | -H-- | M] (Network Associates, Inc.) [Auto | Running] -- D:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe -- (AvSynMgr)
SRV - [2003/05/15 07:03:00 | 000,245,855 | -H-- | M] () [On_Demand | Stopped] -- D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe -- (McShield)
SRV - [2003/02/05 05:02:00 | 000,077,824 | -H-- | M] (Network Associates, Inc.) [Auto | Running] -- D:\Program Files\McAfee\McAfee Firewall\CPD.EXE -- (McAfee Firewall)
SRV - [2001/08/18 08:00:00 | 000,004,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)


========== Driver Services (SafeList) ==========

DRV - [2010/03/12 22:04:30 | 000,032,768 | -H-- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/03/10 11:36:36 | 000,217,032 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/05 22:48:42 | 000,054,752 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/11 11:58:49 | 000,717,296 | -H-- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2004/11/30 23:12:28 | 000,873,984 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 01:31:18 | 000,036,224 | -H-- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/01/20 12:50:36 | 000,020,648 | -H-- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)
DRV - [2002/08/05 04:00:00 | 000,033,280 | -H-- | M] (Network Associates, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\fw220.sys -- (McAfeePF)
DRV - [2002/05/21 13:40:18 | 000,038,528 | -H-- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\FastNIC.sys -- (FastNIC) SMC EZ Card 10/100 (SMC1244TX V2)
DRV - [2002/04/11 14:47:52 | 000,011,136 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 12:22:04 | 000,023,296 | RH-- | M] () [File_System | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\NaiFiltr.sys -- (NaiFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1561552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.alot.c...(F)&pr=auto&q="

FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Components: D:\Program Files\mozilla.org\Mozilla\Components [2011/02/19 00:32:15 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: D:\Program Files\mozilla.org\Mozilla\Plugins [2011/02/19 00:32:15 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/03/26 14:48:49 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/03/29 21:38:56 | 000,000,000 | -H-D | M]

[2008/09/04 11:02:07 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Extensions
[2011/03/29 21:46:06 | 000,000,000 | -H-D | M] (No name found) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions
[2009/09/18 18:23:57 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/08 21:13:15 | 000,000,000 | -H-D | M] (TVU Web Player) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions\[email protected]
[2008/07/14 13:38:16 | 000,000,000 | -H-D | M] (Move Media Player) -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\extensions\[email protected]
[2010/06/11 11:57:20 | 000,002,231 | -H-- | M] () -- D:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\vhuegwiv.default\searchplugins\alot-search.xml
[2011/03/29 21:45:09 | 000,000,000 | -H-D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/03/29 21:39:06 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/29 21:38:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/09 16:01:33 | 000,000,000 | -H-D | M] (PriceGong) -- D:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2011/03/29 21:38:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 12:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/03/27 12:00:19 | 000,000,098 | -H-- | M]) - D:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - D:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - D:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll (Network Associates, Inc.)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Launch LCDMon] D:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] D:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [RoxWatchTray] D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [WinampAgent] c:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ATI Launchpad] D:\Program Files\ATI Multimedia\main\launchpd.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Daemon Tools\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [McAfee.InstantUpdate.Monitor] D:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe (Network Associates, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Dan's Stuff\blackberry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\System32\CSLSP.DLL (Networks Associates Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///D:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///D:/Program%20Files/Family%20Feud%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zon...oF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\WINDOWS\Mozilla Wallpaper.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Mozilla Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/30 22:06:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/07/14 05:34:24 | 000,000,025 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 21:39:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2011/03/29 09:27:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Laura\RK_Quarantine
[2011/03/27 12:48:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Laura\Recent
[2011/03/27 12:29:20 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Laura\Application Data\Malwarebytes
[2011/03/27 12:28:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/27 12:28:49 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/27 12:28:44 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2011/03/27 12:28:43 | 000,000,000 | -H-D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2011/03/27 12:02:17 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/03/27 11:54:31 | 000,000,000 | -H-D | C] -- D:\_OTL
[2011/03/27 11:51:47 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Laura\Application Data\PriceGong
[2011/03/27 11:16:30 | 000,000,000 | -H-D | C] -- D:\WINDOWS\temp
[2011/03/27 10:35:17 | 000,161,792 | -H-- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2011/03/27 10:35:17 | 000,031,232 | -H-- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2011/03/27 10:35:16 | 000,212,480 | -H-- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2011/03/27 10:35:16 | 000,136,704 | -H-- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2011/03/27 10:34:42 | 000,000,000 | -H-D | C] -- D:\WINDOWS\ERDNT
[2011/03/27 10:33:43 | 000,000,000 | -H-D | C] -- D:\Qoobox
[2011/03/26 13:14:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Laura\Start Menu\Programs\Windows Repair

========== Files - Modified Within 30 Days ==========

[2011/03/29 22:15:16 | 000,013,002 | -H-- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/03/29 22:13:34 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/03/27 12:33:48 | 000,000,809 | ---- | M] () -- D:\Documents and Settings\Laura\Desktop\Windows Repair.lnk
[2011/03/27 12:00:19 | 000,000,098 | -H-- | M] () -- D:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/27 10:33:35 | 000,000,000 | -H-- | M] () -- D:\WINDOWS\LCDMedia.INI
[2011/03/26 14:56:54 | 000,000,512 | -H-- | M] () -- D:\PhysicalMBR.bin
[2011/03/23 20:38:05 | 000,000,284 | -H-- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/18 19:03:05 | 000,000,256 | -H-- | M] () -- D:\WINDOWS\System32\pool.bin
[2011/03/17 09:50:52 | 000,432,688 | -H-- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/03/17 09:50:52 | 000,067,660 | -H-- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/03/17 03:02:52 | 000,001,374 | -H-- | M] () -- D:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2067/02/24 16:21:18 | 000,079,947 | -H-- | C] () -- D:\WINDOWS\fw20.vxd
[2011/03/27 12:33:47 | 000,000,809 | ---- | C] () -- D:\Documents and Settings\Laura\Desktop\Windows Repair.lnk
[2011/03/27 10:35:17 | 000,256,512 | -H-- | C] () -- D:\WINDOWS\PEV.exe
[2011/03/27 10:35:17 | 000,089,088 | -H-- | C] () -- D:\WINDOWS\MBR.exe
[2011/03/27 10:35:17 | 000,080,412 | -H-- | C] () -- D:\WINDOWS\grep.exe
[2011/03/27 10:35:17 | 000,068,096 | -H-- | C] () -- D:\WINDOWS\zip.exe
[2011/03/27 10:35:16 | 000,098,816 | -H-- | C] () -- D:\WINDOWS\sed.exe
[2011/03/27 10:33:35 | 000,000,000 | -H-- | C] () -- D:\WINDOWS\LCDMedia.INI
[2011/03/26 14:56:54 | 000,000,512 | -H-- | C] () -- D:\PhysicalMBR.bin
[2010/12/07 14:23:15 | 000,180,224 | -H-- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2010/12/07 14:23:14 | 000,765,952 | -H-- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2010/09/14 20:00:00 | 000,077,336 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2010/03/23 14:26:18 | 000,767,952 | -H-- | C] () -- D:\WINDOWS\BDTSupport.dll
[2009/09/17 03:58:11 | 000,000,118 | -H-- | C] () -- D:\WINDOWS\System32\MRT.INI
[2008/09/15 20:11:10 | 000,012,288 | -H-- | C] () -- D:\WINDOWS\System32\DivXWMPExtType.dll
[2008/01/09 07:18:12 | 003,596,288 | -H-- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2007/12/15 19:21:22 | 000,000,256 | -H-- | C] () -- D:\WINDOWS\System32\pool.bin
[2007/01/30 15:52:52 | 000,000,035 | -H-- | C] () -- D:\WINDOWS\worldbuilder.INI
[2006/05/23 18:26:57 | 000,001,050 | -H-- | C] () -- D:\WINDOWS\EReg072.dat
[2005/09/08 17:57:20 | 000,000,621 | -H-- | C] () -- D:\WINDOWS\eReg.dat
[2004/12/23 05:38:13 | 000,001,125 | -H-- | C] () -- D:\WINDOWS\Winamp.ini
[2004/12/13 18:43:01 | 000,000,376 | -H-- | C] () -- D:\WINDOWS\ODBC.INI
[2004/11/09 05:22:47 | 000,235,008 | -H-- | C] () -- D:\Documents and Settings\Laura\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/04 06:00:12 | 000,000,000 | -H-- | C] () -- D:\WINDOWS\ATIMMC.INI
[2004/11/02 03:16:44 | 000,043,520 | -H-- | C] () -- D:\WINDOWS\System32\CmdLineExt03.dll
[2004/11/02 02:54:46 | 000,023,296 | RH-- | C] () -- D:\WINDOWS\System32\drivers\NaiFiltr.sys
[2004/11/02 01:45:05 | 000,004,569 | -H-- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/11/01 01:57:47 | 000,013,373 | -H-- | C] () -- D:\WINDOWS\System32\vctest.ini
[2004/11/01 01:57:38 | 000,009,136 | -H-- | C] () -- D:\WINDOWS\System32\INETWH16.DLL
[2004/11/01 01:55:10 | 000,516,096 | -H-- | C] () -- D:\WINDOWS\System32\ati2sgag.exe
[2004/11/01 01:17:59 | 000,363,520 | -H-- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2004/10/31 20:11:49 | 000,000,335 | -H-- | C] () -- D:\WINDOWS\nsreg.dat
[2004/10/31 20:11:44 | 000,105,168 | -H-- | C] () -- D:\WINDOWS\MozillaUninstall.exe
[2004/10/31 20:11:37 | 000,105,168 | -H-- | C] () -- D:\WINDOWS\GREUninstall.exe
[2004/10/31 20:11:34 | 000,007,539 | -H-- | C] () -- D:\WINDOWS\mozver.dat
[2004/10/30 22:08:28 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2004/10/30 22:02:53 | 000,021,640 | -H-- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2004/10/30 17:45:30 | 000,004,161 | -H-- | C] () -- D:\WINDOWS\ODBCINST.INI
[2004/10/30 17:44:30 | 000,363,320 | -H-- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2002/04/11 14:47:52 | 000,049,152 | -H-- | C] () -- D:\WINDOWS\System32\msmscoin.dll
[2001/08/18 08:00:00 | 013,107,200 | -H-- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | -H-- | C] () -- D:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,432,688 | -H-- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | -H-- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | -H-- | C] () -- D:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,067,660 | -H-- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | -H-- | C] () -- D:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | -H-- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | -H-- | C] () -- D:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | -H-- | C] () -- D:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | -H-- | C] () -- D:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/01/02 20:30:58 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/01/11 12:27:16 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/12/07 14:23:15 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\GeoVid
[2006/08/11 14:33:06 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\MANSION
[2007/05/27 17:39:01 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\pixelStorm
[2011/03/29 22:13:53 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/16 13:14:35 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/09/06 15:18:37 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\.bittorrent
[2007/12/15 18:58:14 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\Blackberry Desktop
[2009/01/11 12:28:28 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\DAEMON Tools
[2009/01/11 12:35:34 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\DAEMON Tools Lite
[2009/01/11 12:28:28 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\DAEMON Tools Pro
[2010/12/07 14:25:30 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\GeoVid
[2007/07/29 21:26:35 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\Nikon
[2006/08/10 18:33:18 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\Oakville420
[2010/08/18 16:23:13 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\OpenCandy
[2010/06/09 16:29:09 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\OpenOffice.org
[2011/03/29 11:38:30 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\PriceGong
[2007/12/15 19:21:23 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\Research In Motion
[2008/02/22 19:15:10 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\SpinTop
[2006/08/10 18:27:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\Tļæ½ļæ½
[2010/08/24 18:58:30 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\Uniblue
[2011/02/05 17:16:59 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\Laura\Application Data\uqm

========== Purity Check ==========



========== Custom Scans ==========


< regsvr32 /i shell32.dll /c >

< %AllUsersProfile%\Start Menu\Programs\*.* /S >
[2008/04/28 13:31:12 | 000,001,810 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2008/10/23 14:08:18 | 000,001,830 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2004/10/30 17:45:03 | 000,000,062 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini
[2004/12/13 18:48:43 | 000,001,934 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2003.lnk
[2004/11/01 02:08:43 | 000,001,958 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse.lnk
[2004/12/13 19:31:47 | 000,001,614 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! Photo 7.0.lnk
[2011/03/24 17:35:09 | 000,002,489 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2004/12/13 18:40:30 | 000,001,605 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2004/11/01 02:08:43 | 000,001,990 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mouse Healthy Computing Guide.lnk
[2004/11/02 02:42:16 | 000,000,785 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2007/07/27 17:41:40 | 000,001,498 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk
[2004/10/30 22:04:21 | 000,000,253 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini
[2010/03/18 11:11:56 | 000,001,515 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk
[2008/09/20 08:31:00 | 000,001,585 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk
[2004/10/30 22:04:21 | 000,000,790 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Movie Maker.lnk
[2004/10/30 22:01:53 | 000,000,879 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\WordPad.lnk
[2004/10/30 22:01:53 | 000,001,520 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2004/10/30 22:01:53 | 000,000,090 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\desktop.ini
[2008/09/20 08:34:51 | 000,000,516 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\desktop.ini
[2004/10/30 22:01:53 | 000,000,786 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk
[2004/10/30 21:57:28 | 000,001,757 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk
[2004/10/30 22:04:11 | 000,001,640 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2004/10/30 21:57:28 | 000,001,646 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/09/20 08:34:51 | 000,001,656 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2004/10/31 01:19:15 | 000,000,204 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\desktop.ini
[2004/10/30 22:01:53 | 000,001,528 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2004/10/30 22:06:04 | 000,001,599 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Activate Windows.lnk
[2008/02/17 12:09:47 | 000,001,521 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk
[2004/11/02 02:04:15 | 000,000,703 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini
[2004/10/30 22:04:17 | 000,001,532 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2004/10/30 22:04:15 | 000,001,572 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2004/10/30 22:06:04 | 000,001,591 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2004/10/30 22:04:17 | 000,001,753 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2004/10/30 22:04:15 | 000,001,070 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk
[2004/10/30 22:04:17 | 000,001,616 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk
[2004/10/30 22:02:35 | 000,001,582 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk
[2007/01/30 15:19:59 | 000,001,602 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk
[2004/10/30 22:06:04 | 000,001,596 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2004/10/30 22:06:04 | 000,000,476 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini
[2004/10/30 22:06:04 | 000,001,592 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk
[2007/10/08 12:32:13 | 000,001,591 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk
[2004/10/31 03:13:53 | 000,001,602 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
[2005/12/26 19:07:47 | 000,001,632 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Panorama Maker 3\Panorama Maker 3.lnk
[2004/11/01 01:55:57 | 000,001,786 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI HydraVision\HydraVision Help.lnk
[2004/11/01 01:55:57 | 000,001,786 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI HydraVision\HydraVision Properties.lnk
[2004/11/01 01:55:57 | 000,001,807 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI HydraVision\HydraVision Wizard.lnk
[2004/11/01 01:58:10 | 000,001,619 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI Multimedia Center\CD Audio.lnk
[2004/11/01 01:57:47 | 000,001,611 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI Multimedia Center\Configuration.lnk
[2004/11/01 01:58:00 | 000,001,621 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI Multimedia Center\DVD.lnk
[2004/11/01 01:58:14 | 000,001,631 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI Multimedia Center\File Player.lnk
[2004/11/01 01:58:10 | 000,001,627 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI Multimedia Center\LaunchPad.lnk
[2004/11/01 01:58:19 | 000,001,659 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI Multimedia Center\Library.lnk
[2004/11/01 01:58:04 | 000,001,625 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\ATI Multimedia Center\Video CD.lnk
[2009/10/01 18:55:53 | 000,000,996 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry\BlackBerry Device Manager.lnk
[2009/10/01 18:55:52 | 000,001,372 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry\Desktop Manager.lnk
[2009/10/01 18:55:53 | 000,001,430 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry\Readme.lnk
[2009/01/02 20:33:31 | 000,000,872 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Canon iP1700\Readme.lnk
[2009/01/02 20:33:33 | 000,001,238 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Canon iP1700\Uninstall.lnk
[2008/10/02 14:15:59 | 000,001,709 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Readme.lnk
[2008/10/02 14:15:59 | 000,001,771 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint Uninstall.lnk
[2008/10/02 14:15:59 | 000,001,716 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint\Easy-PhotoPrint.lnk
[2009/01/11 12:27:11 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk
[2009/01/11 12:27:11 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite\Uninstall.lnk
[2008/09/25 18:16:40 | 000,001,622 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Check for DivX Updates.lnk
[2008/09/25 18:19:19 | 000,000,673 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Remove the DivX Bundle.lnk
[2008/09/25 18:16:25 | 000,001,286 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Why Buy DivX Pro.lnk
[2008/09/25 18:16:58 | 000,000,713 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\Decoder Configuration Utility.lnk
[2008/09/25 18:17:29 | 000,000,791 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\DivX EKG.lnk
[2008/09/25 18:16:58 | 000,000,718 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\License.lnk
[2008/09/25 18:16:58 | 000,000,713 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\ReadMe.lnk
[2008/09/25 18:16:58 | 000,001,630 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\Register Products.lnk
[2008/09/25 18:16:58 | 000,000,515 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\Remove the DivX Codec.lnk
[2008/09/25 18:16:58 | 000,001,238 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\Links\Latest DivX Codec news.lnk
[2008/09/25 18:16:58 | 000,001,356 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\Links\Learn about DivX Pro Codec.lnk
[2008/09/25 18:16:59 | 000,001,286 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Codec\Links\Why Buy DivX Pro.lnk
[2008/09/25 18:18:16 | 000,000,824 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\Converter.lnk
[2008/09/25 18:18:16 | 000,000,812 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\License.lnk
[2008/09/25 18:18:16 | 000,000,807 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\ReadMe.lnk
[2008/09/25 18:18:16 | 000,001,632 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\Register Products.lnk
[2008/09/25 18:18:16 | 000,000,543 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\Remove the DivX Converter.lnk
[2008/09/25 18:18:16 | 000,001,280 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\Links\Latest DivX Converter news.lnk
[2008/09/25 18:18:16 | 000,001,334 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\Links\Learn about DivX Converter.lnk
[2008/09/25 18:18:17 | 000,001,286 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Converter\Links\Why Buy DivX Pro.lnk
[2008/09/25 18:18:46 | 000,000,745 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player\DivX Player.lnk
[2008/09/25 18:18:46 | 000,000,723 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player\License.lnk
[2008/09/25 18:18:46 | 000,000,718 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player\ReadMe.lnk
[2008/09/25 18:18:46 | 000,000,521 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player\Remove the DivX Player.lnk
[2008/09/25 18:18:47 | 000,001,262 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player\Links\Latest DivX Player news.lnk
[2008/09/25 18:18:46 | 000,001,274 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player\Links\Learn about DivX advanced features.lnk
[2008/09/25 18:18:46 | 000,001,316 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Player\Links\Learn about DivX Player.lnk
[2009/09/30 18:06:49 | 000,000,743 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Web Player\License.lnk
[2009/09/30 18:06:49 | 000,000,738 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Web Player\ReadMe.lnk
[2009/09/30 18:06:49 | 000,000,537 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Web Player\Remove the DivX Web Player.lnk
[2009/09/30 18:06:49 | 000,001,038 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\DivX Web Player\Links\Learn about DivX Web Player.lnk
[2008/09/25 18:16:25 | 000,001,232 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\DivX Forums.lnk
[2008/09/25 18:16:24 | 000,001,202 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\DivX Labs.lnk
[2008/09/25 18:16:25 | 000,001,244 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\DivX Products.lnk
[2008/09/25 18:16:25 | 000,001,268 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\DivX Support.lnk
[2008/09/25 18:16:25 | 000,001,274 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\Learn about DivX advanced features.lnk
[2008/09/25 18:16:25 | 000,001,262 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\Learn about DivX Author.lnk
[2008/09/25 18:16:25 | 000,001,274 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\Learn about DivX software.lnk
[2008/09/25 18:16:24 | 000,001,256 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\Visit DivX.com.lnk
[2008/09/25 18:16:25 | 000,001,286 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX\Helpful Links\Why Buy DivX Pro.lnk
[2005/03/09 22:41:16 | 000,000,798 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\desktop.ini
[2006/03/04 17:19:45 | 000,001,522 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Freecell.lnk
[2011/03/30 09:51:18 | 000,001,520 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Hearts.lnk
[2005/03/09 22:41:17 | 000,000,913 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Backgammon.lnk
[2005/03/09 22:41:16 | 000,000,913 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Checkers.lnk
[2005/03/09 22:41:16 | 000,000,913 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Hearts.lnk
[2005/03/09 22:41:16 | 000,000,913 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Reversi.lnk
[2005/03/09 22:41:16 | 000,000,913 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Spades.lnk
[2007/02/15 18:21:48 | 000,001,515 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Minesweeper.lnk
[2004/10/30 22:01:53 | 000,000,885 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Pinball.lnk
[2009/01/19 19:03:39 | 000,001,491 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire.lnk
[2005/01/03 19:47:21 | 000,001,502 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Games\Spider Solitaire.lnk
[2011/02/19 00:49:13 | 000,001,814 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes\About iTunes.lnk
[2011/02/19 00:49:13 | 000,001,554 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes\iTunes.lnk
[2007/12/25 19:00:36 | 000,001,785 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Logitech\G-series Keyboard Software\Launch G-series Keyboard Profiler.lnk
[2010/07/26 11:07:31 | 000,001,631 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk
[2010/07/26 11:07:34 | 000,000,915 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk
[2004/11/02 02:55:12 | 000,001,661 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee Firewall.lnk
[2004/11/02 02:54:35 | 000,001,691 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee\VirusScan Home Edition.lnk
[2004/11/02 02:55:11 | 000,001,861 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee Shared Features\Instant Updater.lnk
[2004/11/02 02:55:11 | 000,000,823 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee Shared Features\McAfee Guardian.lnk
[2004/11/02 02:55:12 | 000,001,833 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee Shared Features\Visual Trace.lnk
[2004/12/13 19:34:51 | 000,001,850 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Encarta\Encarta Encyclopedia Standard 2003.lnk
[2009/09/16 09:52:18 | 000,001,448 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in\Office Live Add-in Help.lnk
[2009/09/16 09:52:18 | 000,001,348 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in\Office Live Workspace.lnk
[2004/12/13 18:42:34 | 000,001,834 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\Activate Product.lnk
[2004/12/13 18:42:33 | 000,001,988 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2004/12/13 18:42:33 | 000,001,876 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2004/12/13 18:42:34 | 000,002,138 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2004/12/13 18:42:34 | 000,002,090 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2004/12/13 18:42:34 | 000,001,902 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
[2004/12/13 18:42:34 | 000,001,908 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
[2010/07/14 03:06:48 | 000,002,549 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk
[2009/07/22 12:46:05 | 000,002,561 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
[2009/07/22 13:02:07 | 000,002,279 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk
[2009/07/22 12:46:05 | 000,002,517 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
[2009/07/22 12:46:06 | 000,002,599 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
[2009/07/22 12:46:05 | 000,002,553 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
[2009/07/22 12:46:05 | 000,002,533 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2009/07/22 12:46:05 | 000,002,433 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
[2009/07/22 12:46:05 | 000,002,531 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
[2009/07/22 12:46:05 | 000,002,511 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
[2011/03/18 03:04:42 | 000,001,986 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
[2004/12/13 18:40:31 | 000,001,535 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\Getting Started.lnk
[2004/12/13 18:40:30 | 000,001,861 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2004/12/13 18:40:29 | 000,001,976 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk
[2004/12/13 18:40:31 | 000,001,593 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2004/12/13 18:40:30 | 000,001,597 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2004/12/13 18:40:30 | 000,001,611 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2004/12/13 18:40:30 | 000,000,688 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works\Windows Address Book.lnk
[2007/09/05 19:45:35 | 000,001,636 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
[2007/09/05 19:45:35 | 000,001,614 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
[2004/10/31 20:11:43 | 000,001,696 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla\License.lnk
[2004/10/31 20:11:42 | 000,001,696 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla\Mozilla.lnk
[2004/10/31 20:11:42 | 000,001,728 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla\Profile Manager.lnk
[2004/10/31 20:11:43 | 000,001,689 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla\Readme.lnk
[2010/06/09 16:19:16 | 000,000,114 | -H-- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.1\Desktop.ini
[2005/12/26 19:09:39 | 000,001,752 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PictureProject\PictureProject Help.lnk
[2005/12/26 19:09:40 | 000,001,817 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PictureProject\PictureProject ReadMe.lnk
[2005/12/26 19:09:39 | 000,001,917 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PictureProject\PictureProject Uninstall.lnk
[2005/12/26 19:09:39 | 000,001,710 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PictureProject\PictureProject.lnk
[2007/12/19 20:02:58 | 000,000,728 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET\Network Status.lnk
[2007/12/19 20:02:58 | 000,000,780 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET\PokerStars.net.lnk
[2007/12/19 20:02:58 | 000,000,831 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET\Uninstall PokerStars.net.lnk
[2010/10/11 14:07:27 | 000,000,051 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PS3 Theme Builder\PS3 Theme Builder on the Web.url
[2010/10/11 14:07:27 | 000,000,722 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\PS3 Theme Builder\PS3 Theme Builder.lnk
[2011/02/19 00:31:26 | 000,001,802 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\About QuickTime.lnk
[2011/02/19 00:31:26 | 000,001,812 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\PictureViewer.lnk
[2011/02/19 00:31:25 | 000,001,802 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Player.lnk
[2011/02/19 00:31:26 | 000,001,639 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk
[2010/03/23 14:23:34 | 000,001,429 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor\More solutions from PC Tools.lnk
[2010/03/23 14:23:34 | 000,000,748 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor\Spyware Doctor Quick Start Guide.lnk
[2010/03/23 14:23:34 | 000,001,649 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor\Spyware Doctor.lnk
[2010/03/23 14:23:34 | 000,000,732 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor\Uninstall Spyware Doctor.lnk
[2008/04/28 13:31:13 | 000,001,757 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/01 18:55:53 | 000,001,372 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2004/10/30 22:06:04 | 000,000,084 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2010/07/26 11:07:32 | 000,001,611 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2004/12/13 18:42:34 | 000,001,730 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2005/12/26 19:09:39 | 000,001,648 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
[2005/01/12 02:15:58 | 000,001,518 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2008/08/28 23:10:25 | 000,000,361 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Teamspeak2 RC2\Teamspeak RC2.lnk
[2010/08/18 16:23:46 | 000,000,767 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk
[2004/11/01 01:09:24 | 000,001,439 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004\Play UT2004.lnk
[2004/11/01 01:09:24 | 000,000,605 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004\Release Notes.lnk
[2004/11/01 01:09:24 | 000,001,472 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004\Uninstall Unreal Tournament 2004.lnk
[2004/11/01 01:09:24 | 000,001,455 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004\UT2004 Editor.lnk
[2004/11/01 01:09:24 | 000,000,595 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004\UT2004 Manual.lnk
[2004/11/01 01:09:24 | 000,001,451 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004\UT2004 Safe Mode.lnk
[2004/11/01 01:09:24 | 000,000,686 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Unreal Tournament 2004\UT2004 Web Page.lnk
[2010/12/07 14:23:24 | 000,000,281 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Video Avatar\Home page.lnk
[2010/12/07 14:23:24 | 000,000,361 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Video Avatar\Video Avatar.lnk
[2010/08/18 16:23:20 | 000,000,389 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Winamp\Uninstall Winamp.lnk
[2010/08/18 16:23:20 | 000,000,468 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Winamp\What's New.lnk
[2010/08/18 16:23:20 | 000,000,460 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Winamp\Winamp.lnk
[2009/09/16 09:26:36 | 000,001,690 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live\Windows Live Call.lnk
[2009/09/16 09:52:07 | 000,001,978 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk
[2009/09/16 09:32:39 | 000,001,931 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live\Windows Live Mail.lnk
[2009/09/16 09:29:22 | 000,001,839 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk
[2009/09/16 09:38:22 | 000,001,947 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk
[2009/09/16 09:51:21 | 000,001,914 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Live\Windows Live Writer.lnk
[2005/01/12 02:15:58 | 000,000,642 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\WinZip\Help Manual.lnk
[2005/01/12 02:15:58 | 000,000,640 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\WinZip\ReadMe.txt.lnk
[2005/01/12 02:15:58 | 000,001,538 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\WinZip\Uninstall WinZip.lnk
[2005/01/12 02:15:58 | 000,000,652 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\WinZip\What's New.lnk
[2005/01/12 02:15:58 | 000,000,662 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\WinZip\WinZip 9.0 SR-1.lnk
[2010/10/11 14:05:30 | 000,000,707 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Xross Media Simulator\Uninstall Xross Media Simulator.lnk
[2010/10/11 14:05:30 | 000,000,051 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Xross Media Simulator\Xross Media Simulator on the Web.url
[2010/10/11 14:05:30 | 000,000,762 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Xross Media Simulator\Xross Media Simulator.lnk

< %userprofile%\Start Menu\Programs\*.* /S >
[2008/09/20 20:22:49 | 000,000,292 | -HS- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\desktop.ini
[2009/09/26 06:18:02 | 000,000,803 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Internet Explorer.lnk
[2008/09/20 20:22:49 | 000,000,738 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Outlook Express.lnk
[2004/10/30 22:06:04 | 000,001,599 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Remote Assistance.lnk
[2004/12/27 03:02:18 | 000,000,792 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Windows Media Player.lnk
[2005/09/06 14:55:01 | 000,000,742 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\3d Mini Golf\3d Mini Golf.lnk
[2005/09/06 14:55:01 | 000,000,782 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\3d Mini Golf\Buy 3d Mini Golf.lnk
[2005/09/06 14:55:01 | 000,000,549 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\3d Mini Golf\Uninstall.lnk
[2008/09/20 20:22:49 | 000,000,774 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Address Book.lnk
[2004/10/30 22:06:04 | 000,001,555 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Command Prompt.lnk
[2008/09/20 20:22:49 | 000,000,542 | -HS- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\desktop.ini
[2004/12/06 22:41:36 | 000,001,519 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Notepad.lnk
[2004/10/30 22:06:04 | 000,000,386 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
[2004/10/30 22:06:04 | 000,001,519 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Synchronize.lnk
[2004/10/31 03:17:57 | 000,001,527 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Tour Windows XP.lnk
[2004/10/30 22:04:17 | 000,001,487 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Windows Explorer.lnk
[2004/10/30 22:06:04 | 000,000,348 | -HS- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Accessibility\desktop.ini
[2004/10/30 22:06:04 | 000,001,525 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
[2004/10/30 22:06:04 | 000,001,532 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
[2004/10/30 22:06:04 | 000,001,501 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
[2004/10/30 22:06:04 | 000,001,539 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
[2004/10/30 22:06:04 | 000,000,084 | -HS- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Entertainment\desktop.ini
[2004/12/27 03:02:17 | 000,000,804 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
[2009/09/26 06:18:02 | 000,000,833 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[2010/06/09 16:00:24 | 000,000,062 | -HS- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Administrative Tools\desktop.ini
[2009/05/07 10:43:19 | 000,000,638 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Ares\Ares.lnk
[2009/05/07 10:43:20 | 000,000,729 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Ares\Homepage.lnk
[2009/05/07 10:43:19 | 000,000,672 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Ares\Host Chatroom.lnk
[2009/05/07 10:43:20 | 000,000,667 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Ares\Uninstall.lnk
[2008/01/11 15:41:02 | 000,000,569 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\DOSBox-0.63\DOSBox.conf.lnk
[2008/01/11 16:10:42 | 000,000,471 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\DOSBox-0.63\DOSBox.lnk
[2008/01/11 15:41:02 | 000,000,705 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\DOSBox-0.63\README.lnk
[2008/01/11 15:41:02 | 000,001,415 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\DOSBox-0.63\Uninstall.lnk
[2011/02/05 16:26:59 | 000,000,507 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Key Configuration.lnk
[2011/02/05 16:26:59 | 000,000,371 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Keyboard Test.lnk
[2011/02/05 16:26:59 | 000,000,505 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Options Configuration.lnk
[2011/02/05 16:26:59 | 000,000,599 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Saved Games.lnk
[2011/02/05 16:26:58 | 000,000,358 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\The Ur-Quan Masters.lnk
[2011/02/05 16:26:59 | 000,000,301 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Uninstall.lnk
[2011/02/05 16:26:58 | 000,000,374 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Documentation\AUTHORS.lnk
[2011/02/05 16:26:58 | 000,000,374 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Documentation\COPYING.lnk
[2011/02/05 16:26:58 | 000,000,371 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Documentation\Manual.lnk
[2011/02/05 16:26:58 | 000,000,371 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Documentation\README.lnk
[2011/02/05 16:26:58 | 000,000,379 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Games\The Ur-Quan Masters\Documentation\WhatsNew.lnk
[2006/08/21 22:55:40 | 000,000,152 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\GameSpy Arcade\GameSpy Arcade Help.url
[2006/08/21 22:55:38 | 000,000,136 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\GameSpy Arcade\GameSpy Arcade Website.url
[2007/12/26 13:37:10 | 000,000,695 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\GameSpy Arcade\GameSpy Arcade.lnk
[2006/08/21 22:55:44 | 000,000,124 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\GameSpy Arcade\GameSpy.com Gaming's Homepage.url
[2006/08/21 22:55:28 | 000,000,127 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\GameSpy Arcade\Register GameSpy Arcade.url
[2007/12/26 13:37:10 | 000,000,702 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\GameSpy Arcade\Uninstall GameSpy Arcade.lnk
[2007/08/05 14:19:11 | 000,002,054 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Google Earth\Launch Google Earth.lnk
[2007/08/05 14:19:11 | 000,001,803 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk
[2004/10/30 22:06:04 | 000,000,084 | -HS- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Startup\desktop.ini
[2010/08/18 16:22:53 | 000,000,441 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Winamp Detector Plug-in\Uninstall Winamp Detector Plug-in.lnk
[2004/12/23 05:43:11 | 000,000,678 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Winamp\Uninstall Winamp.lnk
[2004/12/23 05:43:11 | 000,000,678 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Winamp\What's New.lnk
[2004/12/23 05:43:11 | 000,000,666 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Winamp\Winamp.lnk
[2011/03/26 13:15:01 | 000,000,893 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
[2011/03/26 13:15:01 | 000,000,821 | ---- | M] () -- D:\Documents and Settings\Laura\Start Menu\Programs\Windows Repair\Windows Repair.lnk

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /S >
"AppData" = %USERPROFILE%\Application Data -- [2011/03/27 12:29:20 | 000,000,000 | RH-D | M]
"Desktop" = %USERPROFILE%\Desktop -- [2011/03/29 22:09:37 | 000,000,000 | ---D | M]
"Favorites" = %USERPROFILE%\Favorites -- [2007/12/11 11:15:10 | 000,000,000 | ---D | M]
"NetHood" = %USERPROFILE%\NetHood -- [2011/01/12 13:53:35 | 000,000,000 | ---D | M]
"Personal" = %USERPROFILE%\My Documents -- [2011/01/17 15:01:14 | 000,000,000 | ---D | M]
"PrintHood" = %USERPROFILE%\PrintHood -- [2004/10/30 17:45:03 | 000,000,000 | ---D | M]
"Programs" = %USERPROFILE%\Start Menu\Programs -- [2011/03/26 13:14:56 | 000,000,000 | ---D | M]
"SendTo" = %USERPROFILE%\SendTo -- [2004/10/30 22:11:46 | 000,000,000 | ---D | M]
"Start Menu" = %USERPROFILE%\Start Menu -- [2005/03/04 12:38:55 | 000,000,000 | ---D | M]
"Startup" = %USERPROFILE%\Start Menu\Programs\Startup -- [2010/08/13 13:34:43 | 000,000,000 | ---D | M]
"Templates" = %USERPROFILE%\Templates -- [2010/03/23 13:44:40 | 000,000,000 | ---D | M]
"My Pictures" = %USERPROFILE%\Desktop\My Pictures -- [2010/10/31 12:10:32 | 000,000,000 | ---D | M]
"Local Settings" = %USERPROFILE%\Local Settings -- [2009/11/17 17:06:07 | 000,000,000 | -H-D | M]
"Local AppData" = %USERPROFILE%\Local Settings\Application Data -- [2011/03/29 21:22:52 | 000,000,000 | -H-D | M]
"Cache" = %USERPROFILE%\Local Settings\Temporary Internet Files -- [2011/03/29 21:26:46 | 000,000,000 | -HSD | M]
"Cookies" = %USERPROFILE%\Cookies -- [2011/03/29 22:15:17 | 000,000,000 | -HSD | M]
"History" = %USERPROFILE%\Local Settings\History -- [2004/11/02 02:42:34 | 000,000,000 | -HSD | M]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\New]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /S >
"Common Desktop" = %ALLUSERSPROFILE%\Desktop -- [2011/03/29 21:42:48 | 000,000,000 | -H-D | M]
"Common Start Menu" = %ALLUSERSPROFILE%\Start Menu -- [2010/06/09 16:10:24 | 000,000,000 | RH-D | M]
"Common Programs" = %ALLUSERSPROFILE%\Start Menu\Programs -- [2011/03/29 21:35:07 | 000,000,000 | ---D | M]
"Common Startup" = %ALLUSERSPROFILE%\Start Menu\Programs\Startup -- [2010/07/26 11:07:32 | 000,000,000 | ---D | M]
"Common AppData" = %ALLUSERSPROFILE%\Application Data -- [2011/03/29 21:39:42 | 000,000,000 | RH-D | M]
"Common Templates" = %ALLUSERSPROFILE%\Templates -- [2010/08/13 13:47:48 | 000,000,000 | -H-D | M]
"Common Favorites" = %ALLUSERSPROFILE%\Favorites -- [2004/10/30 17:45:03 | 000,000,000 | -H-D | M]
"Common Documents" = %ALLUSERSPROFILE%\Documents -- [2009/09/16 09:27:10 | 000,000,000 | RH-D | M]

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:B7A22351
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 107 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:60C47453
@Alternate Data Stream - 106 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5E196FE2

< End of report >

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ThatDude84,

How is your system now? Any changes?

#13
ThatDude84

ThatDude84

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Haven't seen any traces of the virus since the OTL fix and MalwareBytes scan. All the programs have returned to the Start menu and so have my desktop icons.

Thank you for your patience and help, maliprog!

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ThatDude84,

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run. Make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine. If not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





